Tool Nodes
Tool nodes execute external binaries safely through typed operations. There is no raw shell execution — all commands are constructed from validated, typed configurations.
Principles
Section titled “Principles”- No raw shell execution as a public primitive
- Tools map to typed semantic operations
- Command construction is validated and safe
- stdout/stderr captured and truncated (4KB limit)
- Timeouts enforced via
kill_on_drop
Supported Tools
Section titled “Supported Tools”ffmpeg
Section titled “ffmpeg”| Operation | Description |
|---|---|
media.transcode | Transcode video (codec configurable) |
media.extract_audio | Extract audio track to WAV |
media.thumbnail | Generate thumbnail at timestamp |
yt-dlp
Section titled “yt-dlp”| Operation | Description |
|---|---|
source.youtube_download | Download video from URL |
Example
Section titled “Example”NodeDefinition::tool("thumb", "media.thumbnail", "ffmpeg") .input("input_file", "$context.video.path") .output("thumbnail", "$context.images.thumb", MergePolicy::Replace) .requires("tool.ffmpeg")Security
Section titled “Security”| Concern | Policy |
|---|---|
| Binary resolution | Resolved from PATH (production should use allowlist) |
| Arguments | No arbitrary arguments — commands built from typed configs |
| Working directory | Isolation (planned) |
| Process lifecycle | Killed on timeout via kill_on_drop |
| Output capture | stdout/stderr truncated to 4KB to prevent memory exhaustion |
How It Works
Section titled “How It Works”- The tool runtime executor receives the
ToolRuntimeConfigfrom the node definition - It resolves the binary path and constructs a
Commandfrom the typed operation - The command is executed as a child process with timeout enforcement
- stdout/stderr are captured (truncated to 4KB)
- The result is normalized into a
NodeExecutionResult
No shell is involved — Command directly invokes the binary with arguments derived from the typed config.